CVE-2005-2691
includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTR_OVERWRITE on HTTP POST variables, which allows remote attackers to overwrite arbitrary variables, possibly allowing execution of arbitrary code.
Date published : 2005-08-24
http://www.gulftech.org/?node=research&article_id=00094-08192005